CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35145
https://notcve.org/view.php?id=CVE-2020-35145
29 Jan 2021 — Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue. • https://www.acronis.com/en-us/products/true-image • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25249 – Trend Micro Apex One TmCCSF Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25249
29 Jan 2021 — An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. ... Tenga en cuenta: un atacante debe primero obtener la capacidad de ejecutar código poco privilegiado en el sistema de destino para explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected... • https://success.trendmicro.com/solution/000284202 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25248 – Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25248
29 Jan 2021 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of SYSTEM. • https://success.trendmicro.com/solution/000284202 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25247
https://notcve.org/view.php?id=CVE-2021-25247
27 Jan 2021 — A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10180 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-22159
https://notcve.org/view.php?id=CVE-2021-22159
26 Jan 2021 — Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. • https://www.proofpoint.com/us/security/security-advisories • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-26941
https://notcve.org/view.php?id=CVE-2020-26941
21 Jan 2021 — A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premi... • https://support.eset.com/en/ca7794-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3687
https://notcve.org/view.php?id=CVE-2020-3687
21 Jan 2021 — Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue. • https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-6024
https://notcve.org/view.php?id=CVE-2020-6024
20 Jan 2021 — Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users. • https://supportcontent.checkpoint.com/solutions?id=sk142952 • CWE-114: Process Control CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2021-2054 – Oracle Database Procedure Improper Privilege Management Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-2054
20 Jan 2021 —  Vector (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) This vulnerability allows local attackers to escalate privileges on affected installations of Oracle Database. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from users with limited privileges. • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3162
https://notcve.org/view.php?id=CVE-2021-3162
15 Jan 2021 — Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. • https://docs.docker.com/docker-for-mac/release-notes/#docker-desktop-community-2500 • CWE-295: Improper Certificate Validation •